Splunk Search

Ask a Question

Discussions

Thread Info

Need to extract Workweek from date

I have a date like 2020-06-08 06:39:49.0 I need to extract workweek from it. Thanks in advance.

by Explorer in

Add avg to xyseries

I have a column chart that works great, but I want to add a single value to each column. The columns represent the...

by Explorer in

Search by lookup file did not return all results

I have a base search that produces a lookup that contains a million rows. When doing inputlookup, it displays the num...

by Explorer in

Matching fields from different indices to return another field

Hi, I have two different indexes where I need to match a field and if true, return another field. First Search ...

by Path Finder in

Zero results when searching with Splunk Powershell Module.

I am experiencing an odd behavior with my Splunk module for powershell. A search query that on the web interface woul...

by Path Finder in

search with parameters

Hello, I have this query: index=prod eventtype="csm-messages-dhcpd-lpf-eth0-listening" OR eventtype="csm-messag...

by Communicator in

Join 3 source types with common field which matches on substring

Hi All, I have query below which joins 3 sources 1,2,3 on id field, this works when id values matches across 3 source...

by Explorer in

How to apply a regular expression that pulls multiple values from application log and show them to the given field name

Hi all, I've been struggling to extract certain values from application logs and assign them to the given field na...

by Path Finder in

How to build a lookup table based on a condition?

Hello all, I can't figure out how to build a lookup with a condition. I have the following table which is my base ...

by Engager in

Error message when creating a diag file

Hello All, I'm receiving the following error when I try to create a diag file; ./splunk diag Collecting compone...

by Path Finder in

How to add a value from a lookup table to results, by using a field value from the search?

I want to include a value from a lookup table in search results, by using a field value from the main search.

by New Member in

How to abort a search if lookup file is causing errors and incomplete results?

Hello all, I'm using a search that baselines user activity (looks back in time). But I've noticed that sometimes t...

by Explorer in

How to extract fields between backslashes and quotes with rex command?

These rows have a field that begins and ends with a quote, but have different meanings between the backslashes. 1s...

by Explorer in

Month to date for previous month with current month date

Hi, I have to extract the sum of particular search output from my query and the same needs to be compared with pre...

by Explorer in

How to add a new column with serial number based on the uniqueness of the existing column?

I have a column called "message" which has duplicate records in it. I want to create a new column named "serial" besi...

by Path Finder in

I want number of days between two events in splunk search?

My query index=main source=secure.log sourcetype=* | stats earliest(_time) as start, latest(_time) as stop | eval...

by Motivator in

Multiselect: value's prefix and suffix not working

Hi Splunk colleagues, I'm having a problem with multiselect in my dashboards. Here's the code of the multiselect: ...

by New Member in

What is the usage of "(?msi)" in Splunk with rex comamnd?

Hi,I am having some problem to understand the usage of "(?msi)" with rex command,please help me regarding that?

by Path Finder in

How to display the value of the difference result in Splunk?

Hi, How can I display the actual value of the difference in a new column? The value is "cts16k1sacc". Row 1 in att...

by Explorer in

stats count or eval

I am trying to make an overview with different counts. The message always starts with : logger="blahblah-main.Star...

by Path Finder in

Why does search only display 24 hours of event data on Linux, but all-time on Windows?

There are approximately 1.5 Billion ingested entries from 40 forwarders.Performing a search with any criteria on Wind...

by Observer in

How to get the field value from a previous event to compare with the value of the same field in the following event?

Hi all, I'd like to get value on a field to my previous event to compare this same field with the current value ...

by Path Finder in

generate a list of unique hashes and append new hashes hourly

I would like to take the following search that generates the hashes and outputs the lookup: index=windows source="...

by Communicator in

Field extraction from data within backslashes

Hi, I have dateset that contains IP addresses. IP Addresses are coming in variations due to ranges they are assign...

by Builder in

How to resolve error in rex command when parsing a long string with escaped double quotes?

Hi everybody, When parsing a long string containing escaped double-quotes I get this error: Error in 'rex' comm...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Need to extract Workweek from date

Add avg to xyseries

Search by lookup file did not return all results

Matching fields from different indices to return another field

Zero results when searching with Splunk Powershell Module.

search with parameters

Join 3 source types with common field which matches on substring

How to apply a regular expression that pulls multiple values from application log and show them to the given field name

How to build a lookup table based on a condition?

Error message when creating a diag file

How to add a value from a lookup table to results, by using a field value from the search?

How to abort a search if lookup file is causing errors and incomplete results?

How to extract fields between backslashes and quotes with rex command?

Month to date for previous month with current month date

How to add a new column with serial number based on the uniqueness of the existing column?

I want number of days between two events in splunk search?

Multiselect: value's prefix and suffix not working

What is the usage of "(?msi)" in Splunk with rex comamnd?

How to display the value of the difference result in Splunk?

stats count or eval

Why does search only display 24 hours of event data on Linux, but all-time on Windows?

How to get the field value from a previous event to compare with the value of the same field in the following event?

generate a list of unique hashes and append new hashes hourly

Field extraction from data within backslashes

How to resolve error in rex command when parsing a long string with escaped double quotes?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions